using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient; 

public partial class loggedin_Agregar : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void btnAgregar_Click(object sender, EventArgs e)
    {
        bool result = false;
        string connectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;Connect Timeout=30;User Instance=True";
        
        //string queryString = "SELECT * FROM dbo.TodoJunto WHERE [UserName] = '" + User.Identity.Name + "';";
        string queryString = "INSERT INTO dbo.TodoJunto (UserName, Titulo, Autor, Editorial, Email, Localidad, Prestado_a, Imagen)";
        queryString += "VALUES (";
        queryString += "'" + User.Identity.Name + "'";
        queryString += ",";
        queryString += "'" + txtTitulo.Text + "'";
        queryString += ",";
        queryString += "'" + txtAutor.Text +"'";
        queryString += ",";
        queryString += "'" + txtEditorial.Text +"'";
        queryString += ",";
        queryString += "'" + "bla@bla" +"'";
        queryString += ",";
        queryString += "'" + "localidad" +"'";
        queryString += ",";
        queryString += "'" + "" +"'";
        queryString += ",";
        queryString += "'" + txtUrlFoto.Text +"'";
        queryString += ")";

        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            SqlCommand command = new SqlCommand(queryString, connection);
            try
            {
                connection.Open();
            }
            catch (System.Data.Common.DbException ex)
            {
                string error = "Connection Error: " + ex.Message;
                error = error.Replace("\\", "-");
                Response.Write("<script language=javascript>alert(\"" + error + "\")</script>");
                return;
            }

            //SqlDataReader reader;
            try
            {
                command.ExecuteNonQuery();
            }
            catch (System.Data.Common.DbException ex)
            {
                string error = "Connection Error: " + ex.Message;
                Response.Write("<script language=javascript>alert(\"" + @error + "\")</script>");
                return;
            }

            //if (reader.HasRows)
            //{
            //    reader.Read();
            //    string dbpass = String.Format("{0}", reader[0]);
            //    if (dbpass == pass)
            //        result = true;
            //}

            // Call Close when done reading.
            //reader.Close();
            //reader.Dispose();
            connection.Close();
            connection.Dispose();

            Response.Redirect("Agregar.aspx");
           // return result;
        }
       

    }
}
